BriVault

First Flight #52

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: high

Invalid

Missing Validation Between Event Start and End Dates

wyd_derick

Root + Impact

Description

The contract allows event creation with customizable start and end timestamps, but does not enforce that the end date must be after the start date.
This could lead to invalid or unusable events being created, where the event ends before it starts or both timestamps are the same, breaking time-dependent logic elsewhere

function createEvent(

string memory name,

uint256 eventStartDate,

uint256 eventEndDate

) external onlyOwner {

@> events.push(Event({name: name, start: eventStartDate, end: eventEndDate}));

}

Risk

Likelihood:

Every event creation call risks invalid data entry since timestamps are unchecked.
It’s a high probability developer error during setup, especially with multiple concurrent events.

Impact:

Users and dApps may interact with already-expired or never-starting events.
Causes broken participation logic, e.g., deposits may instantly revert or never open.

Proof of Concept

Explanation:

Currently, this call succeeds silently, creating an event that ends before it begins.
Any logic that depends on block.timestamp (like participation checks) will break or produce inconsistent behavior.

function test_CreateEvent_InvalidTimestamps() public {

vm.expectRevert(); // Expect revert if validation is added

vault.createEvent("InvalidEvent", 1700000000, 1600000000); // end < start

}

Recommended Mitigation

Explanation:

Prevents logically impossible events from being stored.
Protects the system from downstream time-based logic errors.
Ensures reliable user experience and consistent state integrity.

function createEvent(

string memory name,

uint256 eventStartDate,

uint256 eventEndDate

) external onlyOwner {

+ require(eventEndDate > eventStartDate, "Invalid event timestamps");

events.push(Event({name: name, start: eventStartDate, end: eventEndDate}));

}

Updates

Appeal created

bube Lead Judge 19 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

193

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!